Clarification on how updates in Ubuntu work

Conceptually, updates on arch make sense: if the package maintainers decide there’s an update, you get an update. But I’ve been trying to understand how it works on Ubuntu. The clearest article was the wiki page on backports. So from what I gather:

  1. When you download ubuntu, you download a specific version of it, with specific versions of software.
  2. Said software might get minor updates, but not major ones.
  3. #2 can be alleviated through stuff like backports, snaps or PPAs.
    Please tell me if I am wrong.

So my problems with these are:

  1. Regarding #2, what happens when a major update comes to a package that needs to be installed, like what if we learn that java 18 has a serious vulnerability, and java 19 will mitigate that and give you a 50 fps boost in minecraft? How feasible are backports and PPAs exactly? Do PPAs cause dependency problems regularly?
  2. This all seems a bit too complicated, compared to something like Endeavour where most software is all in one place (or in the AUR), and there’s no hassle of upgrading to a newer version every set number of months. Yet ubuntu based distros are widely regarded as more beginner friendly, so what am I missing here?
    ~3. Does fedora work in the same way (e.g. freezing software versions)?~ Turns out it’s explained in this article: https://docs.fedoraproject.org/en-US/releases/lifecycle/

Err…that is true of every distro :sweat_smile:

Not all software. Some software will continue to get updates in most cases such as browsers. All libraries will be locked to a specific major version. The same for most software.

backports can help with certain applications. However, most library versions will still be locked. Generally speaking software built for Ubuntu x.y should always work with version x.y.

snaps take a different approach, they containerize the entire application stack so you can have older/newer libraries that are only used for some applications. The same is true of flatpaks and appimages which also can be used on Ubuntu.

ppa’s are just 3rd party repos. They can contain anything.

I am not sure how good of an example Java is here. There will always be ways to get more recent Java versions.

Generally speaking, serious vulnerabilities should be patched. Even if it means backporting patches into the old software. It depends what it is though.

Sure, it is much easier to get software on Arch-based distros in my opinion.

The availability/ease of installing software isn’t the only thing that makes a distro good or bad for beginners?

Yes. Also, no.

Fedora is somewhat interesting. Fedora is fairly cutting edge and has a 6 month release cycles. Generally, new versions aren’t introduced mid-cycle. But sometimes, they are. For example, plasma/kde updates come in mid-cycle.

Even though Fedora and Ubuntu both have 6 month release cycles. Fedora usually has never software because things released very recently can make it into a release. Ubuntu is more conservative with a longer freeze.


There are some pros with Ubuntu compared to Arch

  • Being able to install software without updating the system
  • Having instructions for almost anything you want to widely available
  • Not having new library versions breaking existing software
  • Canonical harvesting your data whenever possible

There is no perfect system.

4 Likes

Have you considered asking on ubuntuforums.org or askubuntu.com ?

Bugfixes are backported, security fixes are backported, performance improvements are not backported, major version changes are not backported (but may be made available as an alternative).

Perfectly feasible.

Also feasible.

Sometimes, as they’re built in isolation from one another.

There are more people working on them, with generally fewer issues caused by regressions in newer software versions, therefore they are not a moving target that people have to continually maintain.

Only specific, limited, changes are made to the available packages therefore there is stability in software versions over the life of the release (18.04 has the same packages for five years, 20.04 has the same packages for fix years, 22.04 has the same packages for five years, etc.).

Yes.

4 Likes

Thank you, especially the second to last part, it really made it click for me.

This as well.

What would you say arch based distros are lacking? Mainly support from the community, and support from some hardware vendors (looking at you, AMD)? I would feel kind of guilty recommending Endeavour to a total newbie although I don’t know why.

I know what you mean. Actually it is quite simple. Just compare the questions being asked here on this forum with questions being asked on other linux forums. You would get the idea that people here generally are a bit more willing to help themselves by studying given solutions to problems that are readily available on the net. People posting their problems here even are generally able to - intellectually - tell what should be told in order to help others here trouble-shoot their problem. So, Arch in general, and Arch based distros seem to be good for people willing to research solutions of possible problems on their own.

All of that being said, much of this is probably only true, due to the best Linux documentation that was ever created, and named as ‘Arch-Wiki’.

I am not sure they are lacking something per se. There are just some realities in that exist.

  • Although this has been changing over the last couple of years, a lot of the “How do I do this?” documentation has instructions for Debian/Ubuntu so a web search is much more likely to give you the answer you need.
  • There are some unavoidable challenges that are introduced by the nature of a rolling release and the newness of the software
    • Since Arch gets applications in the repos almost as soon as they are released, it is much more likely that we will see the bugs that will be fixed by the time they get to other distros.
    • Arch gets updated libraries early. Often before software applications have built support for them.
    • Because libraries and packaging changes on-the-fly, it creates situations where manual intervention is needed during updates.
    • This means there is no good way to support automated or offline updates
    • Partial update scenarios can cause complete chaos and the end-user will simply see it is as breakage.

On the other hand:

  • An AUR helper can install things from the repos and AUR which puts a huge library of software in one place with a single command to update it all
  • There are no major version upgrades, your system just rolls forward indefinitely
  • Arch has simple packaging standards which make it easy to create packages
  • ALPM hooks make automation around package management simple
  • In general, the communities that surround Arch tend to be filled with knowledgable people so it is easy to find people to help you

That being said, there are a few things in Fedora’s dnf that I wish pacman had:

  • Support for executing multiple commands in a single transaction
  • Transaction history and rollback
  • Wildcard support

I wouldn’t feel guilty, but I would also gauge the user you’re recommending to. I wouldn’t recommend it to someone with zero computer knowledge or willingness to get their hands dirty. Then on the sort of flip side some lack experience but are willing to learn which EOS is good for. Recommend based on the person you’re recommending to, not your preference.

Ubuntu works on a more traditional versioning system people are familiar with. Libraries and the core system are frozen long before a release. Major security issues receive back ported fixes for LTS systems but beyond that applications largely update and operate like they do anywhere else.

They’re just a different ideology, I wouldn’t say they’re lacking as much as they’re a bit different than most are use to.

1 Like

In theory, while fedora rawhide is a bit more reserved on these issues, rawhide provides software in development phase, I don’t know if there is a repository for arch like rawhide+koji that gets the latest versions of git (at certain time periods before major releases), regardless of whether they are alphas or betas, from what I understand arch provides the latest stable upstream version, for example I believe this week GNOME 43.alpha will be released in some daily live iso image for those who want it test, no need to mess up your system to test the new one, just create a virtual machine or run from pendrive.

Captura de tela de 2022-07-18 20-44-18

The AUR contains git versions of most packages.

There are also unofficial repos that contain things gnome unstable if you want that.

That being said, that seems like the opposite of what we are talking about here. Now we are talking about ways to make your system even less stable. :sweat_smile:

3 Likes

I understand in this case koji is an earlier level to arrive in updates-testing, packaged by official developers.

I still don’t see how this is relevant to what we were discussing here…

The statement that packages are in theory tested and reported on arch before they reach other distributions

That is not only out of context but not what I wrote.

That statement was part of an answer to “Why is Arch difficult for beginners?”

What I wrote was

“Getting to other distros” in this context obviously means in the released production repos that most users would be using. In no way does it mean “There is no source of packages newer than Arch”. Of course there are pre-release repos and alpha/beta releases provided by the devs. That has nothing to do with the topic at hand…

2 Likes

Full ACK

Imho (I’m no IT professional and no Linux expert), if someone is willing to dive just a little deeper into Linux, EOS feels more structured and more logical and much more KISS than typical “Beginner-Distros”.